Abstract
Internet of Things (IoT) devices are large in number, widely distributed, and weakly protected, which makes them vulnerable to malicious attacks. At the same time, attackers can capture large numbers of IoT terminal devices to launch massive traffic attacks. To address these problems, this paper proposes a malicious attack detection method for IoT based on clustering plus classification. First, the IoT traffic data is preprocessed: random forest is used to evaluate feature importance, and principal component analysis is used to reduce the dimensionality of some of the features. Then, an improved k-means algorithm is applied to the preprocessed traffic to cluster attacks, and for the different attack clusters, attack classification is implemented with a CART decision tree. Experiments on the IoT malicious attack dataset Bot-IoT and the network attack dataset KDD CUP 99 show that the proposed method detects attacks well and, in particular, can effectively improve the detection accuracy for low-frequency attacks.
Authors
LI Qun (李群)
DONG Jiahan (董佳涵)
GUAN Zhitao (关志涛)
WANG Chao (王超)
Affiliations: State Grid Beijing Electric Power Company, Beijing 100075, China; School of Control and Computer Engineering, North China Electric Power University, Beijing 102206, China
Source
Netinfo Security (《信息网络安全》)
CSCD
Peking University Core Journal (北大核心)
2021, Issue 8, pp. 82-90 (9 pages)
Funding
National Natural Science Foundation of China [61972148].
Keywords
Internet of things
clustering
classification
intrusion detection
Bot-IoT